20 Ghidra Jobs

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Responsibilities : Research, analyze, and assess attack surface and vulnerability data Develop tailored and actionable mitigation strategies and plans to address vulnerability risk Work with new and emerging vulnerability data to identify potential attack paths in critical systems. Document, develop and present mitigation strategies in web applications, databases, standalone applications, etc. Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation Provide mitigation strategies that prioritize risk against level of effort for multiple systems or organizations Catalog mitigation advice, challenges, and trends and patterns Patch diffing and reverse engineering with tools such as Ghidra, IDA, etc. Provide subject matter expertise on tailored mitigations to resolve and remediate vulnerabilities on targeted technologies Work in fast-paced startup like environment with shifting priorities to handle and maintain balance with multiple stakeholders. Conduct research to assess and create software patches and configuration changes to be applied to varied software, middleware and hardware Provide assessment including security, system, and business impact of vulnerabilities Must be able to think ahead to avoid business outages based on the lab results Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, and reporting Desired Skills : Excellent understanding of network, system and application security Experience with IDA Pro, Ghidra, or similar binary analysis tool Knowledge of various vulnerability scanning solutions is a plus Excellent written and verbal communication Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background Secure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigate risk A solid understanding of industry best practices for Patch Management Specific demonstrated experience mapping business processes and comparing those processes to industry best practices Background around using or understanding of security tools would be plus Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems Thorough testing of patches in a non-production environment Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS Should have very good communication and articulation skills Ability and ready to learn new technology and should be a good team player What you get to do : Work within Threat Research, detection and response teams and analysts to define the priority, design the solution, and contribute to build framework for patching vulnerabilities Show more Show less

Job description Job Title: Senior Staff Security Researcher About Role : Develop cutting-edge IPS signatures that shield against emerging threats and Review signatures for other junior team members. Have sense of urgency for critical vulnerabilities and release it to customers. Analyze and reverse engineer cyber-attacks and new vulnerabilities (CVEs) and effectively implement preventive measures to stay ahead of evolving threats. Align with Engineering stakeholders and identify Research topics for IPS roadmap, build POCs for them and mentor junior team members for various research topics. Identify areas of process improvement, prioritize them with senior leaders, look at new Attack Frameworks, like Empire, MSF. Drive Competitive Analysis strategy along with senior leaders to stay ahead of the competition. Publish technical blogs to spread awareness and help defenders with the necessary resources to protect their organizations. Research various MITRE attack TTPs, replicate them in lab, build signatures and be represent IPS research team in MITRE evaluation process. Vulnerability RCA, reverse engineering and POC verification and signature development for MAPP program Capable of working with no supervision, represent IPS research team in various forums and come-up with new Research ideas. Company Benefits and Perks: We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Retirement Plans Medical, Dental and Vision Coverage Paid Time Off Paid Parental Leave Support for Community Involvement

Senior Security Engineer Experience: 3-8 Years Exp Salary: 10 to 30 LPA Preferred Notice Period: 60 Days Opportunity Type: Onsite (Bengaluru, Karnataka) Placement Type: Full-time (*Note: This is a requirement for one of Uplers' Clients) Must have required skills: Frida, Ghidra, Reverse Engineering Anakin (YC S21) (One of Uplers' Clients) is Looking for: Senior Security Engineer who is passionate about their work, eager to learn and grow, and committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description About the Role: Were looking for an experienced engineer to help us understand and interact with web and mobile application APIs in a structured and compliant manner. This includes analysing how apps and websites generate secure API requests, inspecting native/mobile code, and building reliable systems for data extraction, strictly under the terms of service. Key Responsibilities: Analyse Android apps (Java/Kotlin/native code) to understand API flows and request signing mechanisms. Study browser and JavaScript behaviour to understand how websites structure and secure their API calls. Investigate how common client-side security mechanisms (e.g., token generation, header signing, session validation) are implemented. Build tools or automation scripts to replicate legitimate client behaviour in a compliant and respectful manner. Collaborate with internal teams to integrate and maintain data extraction systems responsibly. Must-Have Skills: Experience in reverse engineering Android apps (APK analysis, native code inspection). Deep understanding of web technologies, JavaScript execution, and HTTP protocol. Familiarity with client-side security implementations such as token generation, obfuscation, and API protection. Must have a solid understanding of JWT, JWE, cookies, and session management in web and mobile applications. Hands-on experience with tools like Frida, mitmproxy, Burp Suite, Wireshark, Ghidra/IDA Pro or similar. Strong scripting skills (Python, Node.js, etc.) Nice-to-Have: Background in security engineering, penetration testing, or application security research. Familiarity with CAPTCHA handling methods and automation frameworks (e.g., Puppeteer, Playwright). Experience with mobile app instrumentation (NDK, JNI). Experience working with large-scale distributed systems, as it helps in building scalable and resilient data extraction infrastructure. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Senior Security Consultant (Thick Application Penetration Tester) NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers. Join the mission as a Senior Security Consultant. We are seeking a skilled expert and detail-oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. As a Penetration Tester supporting Thick Applications, you will be responsible for performing Thick and Web Application Testing, while working closely with clients to deliver clear, actionable reports and contribute to the development of security best practices. Responsibilities : Conduct engagements independently and provide technical oversight on: Thick Application Penetration Testing Includes Web Application Penetration (WaPen) testing. Occasionally includes Mobile (MaPen) and IOT/embedded penetration testing. Review reports for accuracy in technical oversight, perform weekly QA oversight, and provide mentoring support to others Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes Participate in development, implementation, and oversight of testing, delivery, and management strategies for key client accounts Research and develop innovative techniques, tools, and methodologies for penetration testing services. Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations. Minimum Qualifications : Bachelors degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience Minimum of 5+ years of work experience in Thick Application Penetration Testing for applications written in managed (e.g. Java, C#, etc.) and unmanaged (e.g. C, C++, Swift, Rust, etc.) code Includes experience with offensive toolkits used in web application penetration testing. Experience with disassemblers and debuggers Examples include WinDbg, IDA, Ghidra, gdb and lldb. Experience with dynamic instrumentation toolkits Examples include Frida. Familiarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus) Familiarity with offensive and defensive IT concepts and protocols Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks. Working knowledge of Windows, Linux and MacOS operating systems internals Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences Ability to work independently and as part of a team Proficient communication skills, both written and verbal This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs Preferred Qualifications: Ability to provide technical and QA oversight on Thick Application service line. Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#) Experience performing fuzz testing. The ability to reverse engineer proprietary application layer protocols. Experience with IOT/embedded penetration testing. Offensive Security Certifications (e.g., GXPN, GPEN, OSCP, GWAPT) We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India. About the Job: We are seeking a highly experienced and strategic Principal Threat Researcher to lead advanced threat research initiatives and drive innovation in our threat intelligence program. In this senior-level role, you will uncover, analyze, and track advanced cyber threats, develop detection capabilities, and provide actionable intelligence to protect our customers, infrastructure, and global operations. As a thought leader in cybersecurity, you will collaborate across security, engineering, and executive teams to anticipate evolving threats, influence detection strategy, and contribute to the broader security community through cutting-edge research. Responsibilities: Function as a centralized malware reversing team for the company's needs. (support DFIR, Hunters, MDR, etc.) Track threat actors and campaigns via malware research, code reuse, infrastructure usage, general threat profiling Lead the discovery and analysis of advanced persistent threats (APTs), malware campaigns, and novel attack techniques Develop and maintain high-fidelity threat intelligence feeds and indicators of compromise (IOCs) Perform in-depth malware reverse engineering, exploit analysis, and behavioral analysis Drive strategic threat modeling and horizon scanning to anticipate future adversary behaviors. Collaborate with security operations, incident response, and product teams to build effective detection, prevention, and response mechanisms Publish research findings in whitepapers, blogs, and at conferences to share insights with the global security community Mentor junior researchers and contribute to team development and capability building Establish and maintain relationships with external intelligence communities, law enforcement, and trusted partners Requirements: 8+ years of experience in threat intelligence, threat research, or a related cybersecurity field Proven experience conducting complex investigations into malware, threat actor TTPs, or large-scale campaigns Strong proficiency in malware analysis tools (IDA Pro, Ghidra, Radare2), memory forensics, and reverse engineering In-depth knowledge of attacker techniques (MITRE ATT&CK), network protocols, and operating system internals (Windows, Linux, macOS).Proficiency in scripting or programming (Python, Go, C/C++) for automation and tooling Strong written and verbal communication skills with the ability to translate technical findings into business-relevant insights Skilled in writing concise, compelling, and actionable intelligence reports in English Able to lead intelligence briefings with customers in English Preferred: Experience with threat hunting and detection engineering in a cloud or enterprise environment Familiarity with cybercrime ecosystems, ransomware groups, nation-state threats, or dark web monitoring Contributions to public threat intelligence reports, CVEs, or open-source security tools Security certifications such as GIAC GREM, GCFA, OSCP, or equivalent Cyderes i s an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status. Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position. Show more Show less

We are looking for a Jr Security Engineer to join our R& D team to drive innovation on our mobile security platform and solve complex security challenges that impact businesses globally. Responsibilities Enhance the VA platform by adding capabilities to detect new vulnerabilities in the apps being scanned. Develop and deploy bypasses to ensure a seamless user experience during scans. Implement new features on the VA platform to enhance user experience and deliver greater value. Creating and publishing whitepapers. Requirements Good grasp in Reverse Engineering with exposure to Frida (must), Radare, Ghidra, Jadx, Binja, etc. Experience in developing sample Android or iOS apps. Strong research and analytical skills. Programming Skills - Python, JavaScript (Must Have). Experience with Git and GitHub. Should have 2-3 years of full-time experience in mobile app security, or show something that proves experience doesn't matter. Strong grasp of fundamentals in mobile application security. Strong problem-solving mindset - Enjoys tackling complex security challenges. Self-taught learner who keeps up with emerging technologies and threats. This job was posted by Vasudha Srivastava from Appknox. Show more Show less

Description As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will be engaged in identifying and mitigating security vulnerabilities across IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your work will involve rigorous security assessments of critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. You will simulate advanced adversary tactics to expose vulnerabilities and provide strategic remediation guidance. The role is suited for professionals with a deep understanding of both enterprise IT security and industrial/embedded system ecosystems. Responsibilities 1-Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT): Perform black-box, grey-box, and white-box VAPT on: Enterprise IT assets (servers, databases, web/mobile apps, Active Directory, cloud) OT/ICS assets (PLCs, RTUs, HMIs, engineering workstations, protocol gateways) IIoT platforms (MQTT/CoAP-based telemetry, edge gateways, cloud dashboards) Emulate APT-level attacks across air-gapped, segmented, or hybrid IT-OT architectures. Execute Red Team scenarios to simulate insider threats or supply chain compromise. 2- ICS Protocol & Field Device Security Testing: Analyze and exploit vulnerabilities in ICS protocols: Modbus TCP, DNP3, IEC 104, OPC-UA, S7comm, Profinet, BACnet, CIP (EtherNet/IP), MQTT, CoAP Perform live traffic analysis, packet manipulation, and protocol fuzzing to test resilience. Evaluate control logic vulnerabilities in ladder logic, structured text, and function blocks. 3- Firmware & Hardware Exploitation (IIoT/ICS Devices): Extract and analyze firmware from industrial devices using JTAG, UART, SPI interfaces. Perform static and dynamic analysis using Ghidra, Binwalk, Radare2, or IDA Pro. Reverse engineer file systems (e.g., squashfs, cramfs) and analyze web interfaces or CLI backdoors. Exploit misconfigured bootloaders, insecure firmware upgrade mechanisms, or exposed debug ports. 4- Network Architecture & Segmentation Testing: Review and test IT-OT segmentation via firewall ACLs, VLANs, DMZ configurations. Assess trust relationships, weak credential policies, and insecure remote access (e.g., exposed VNC, Telnet, RDP). Identify unauthorized bridging of air-gapped networks or misconfigured routing/switching. 5- Cloud & IIoT Platform Security: Evaluate MQTT brokers, edge-to-cloud telemetry, and analytics pipelines. Test REST APIs, insecure mobile app integrations, and cloud misconfigurations (S3, IAM, IoT Core). Identify insecure certificate handling, default API tokens, and lack of encryption at rest/in transit. Reporting & Mitigation Develop technical and executive-level reports with CVSS scoring, attack paths, and exploitation evidence. Recommend hardening measures for both IT (patches, SIEM, EDR) and OT (control policy tuning, physical zoning, least privilege for operators). Coordinate with ICS engineers, IT admins, and SOC teams for patch validation and monitoring upgrades. Compliance & Framework Alignment Ensure assessments comply with industry and regulatory frameworks: NIST SP 800-82, ISA/IEC 62443, ISO 27001, NERC CIP, SANS ICS Top 20 Map findings to MITRE ATT&CK for ICS and monitor emerging CVEs relevant to industrial products. Eligibility Educational Background: Bachelor’s or Master’s in Cybersecurity, Computer Science, Industrial Automation, Electronics, or a related field. Technical Skills: Deep knowledge of ICS/SCADA systems, embedded architectures, and real-time OS (VxWorks, QNX, FreeRTOS). Hands-on experience with tools: VAPT Tools: Nessus, Burp Suite, Metasploit, Nmap, Nikto, SQLMap ICS Tools: Wireshark, Scapy, PLCScan, ICSFuzz, S7comm Tools, Conpot, ModScan Firmware Tools: Binwalk, Ghidra, Radare2, OpenOCD, Logic Analyzers IIoT Security: Shodan, Censys, MQTTX, Postman, OWASP ZAP Certifications (Preferred): OSCP, GRID, GICSP, CRT, CRTP, CEH, CISSP, or equivalent. Participation in ICS/IoT-focused CTFs or open-source contributions is a plus. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph. Show more Show less

Description Invent the future with us. Recognized by Fast Company’s 2023 100 Best Workplaces for Innovators List, Ampere is a semiconductor design company for a new era, leading the future of computing with an innovative approach to CPU design focused on high-performance, energy efficient, sustainable cloud computing. By providing a new level of predictable performance, efficiency, and sustainability Ampere is working with leading cloud suppliers and a growing partner ecosystem to deliver cloud instances, servers and embedded/edge products that can handle the compute demands of today and tomorrow. Join us at Ampere and work alongside a passionate and growing team — we’d love to have you apply! About The Role We are seeking a highly skilled and experienced Information Security Engineer with deep expertise in forensics and incident response to join our global cybersecurity team. The ideal candidate will hold a GIAC Certified Forensic Analyst (GCFA) certification and have a proven track record in handling advanced security incidents, performing digital forensics, and conducting malware reverse engineering. This role will serve as a technical lead for complex security incidents, threat hunting activities, and post-incident investigations. You will work in close collaboration with threat intelligence, SOC Tier 1 and 2 teams, IT, legal, and compliance departments to protect and defend the organization from advanced threats. What you’ll achieve: Lead high-severity security incident investigations and coordinate response efforts across internal stakeholders. Perform endpoint, network, and cloud-based forensics to determine root cause, scope, and impact of cyber incidents. Conduct reverse engineering of malware and other threat artifacts to understand tactics, techniques, and procedures (TTPs). Develop and improve SOAR capabilities in forensics and reporting. Develop and improve incident response playbooks and standard operating procedures. Collaborate with Tier 1 and Tier 2 SOC analysts to provide mentorship and technical guidance. Perform proactive threat hunting using data analytics and intelligence. Liaise with legal, compliance, and HR teams during internal investigations as required. Participate in red/blue/purple team exercises to improve detection and response capabilities. Work with global counterparts to provide 24/7 incident handling coverage and continuous improvement of SOC operations. Assist with evidence collection and reporting in line with legal and regulatory requirements. About You Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). Preferred Forensic focus. Minimum 5 years of hands-on experience in cybersecurity, with at least 3 years in forensics and incident response. GIAC Certified Forensic Analyst (GCFA) certification is required. Additional GIAC certifications in forensics Proven experience leading security investigations and managing incident response workflows. Strong knowledge of SIEM, EDR, forensic tools (e.g., EnCase, FTK, Volatility), and malware analysis platforms. Deep understanding of the MITRE ATT&CK framework and threat actor behaviors. Experience in reverse engineering malware using tools like IDA Pro, Ghidra, or similar. Familiarity with cloud platforms (AWS, Azure, GCP) and incident response in hybrid environments. Additional certifications such as GREM, GCFE, GCIA. GNFA, GBFA, GCIH Experience in scripting or automation using Python, PowerShell, or Bash. Prior experience in a global or multinational enterprise SOC. Ability to work independently under pressure and communicate effectively with technical and non-technical audiences. Ability to follow investigations to root cause and closure What We’ll Offer At Ampere we believe in taking care of our employees and providing a competitive total rewards package that includes base pay, bonus (i.e., variable pay tied to internal company goals), long-term incentive, and comprehensive benefits. Benefits Highlights Include Premium medical, dental, vision insurance, parental benefits including creche reimbursement, as well as a retirement plan, so that you can feel secure in your health, financial future and child care during work. Generous paid time off policy so that you can embrace a healthy work-life balance Fully catered lunch in our office along with a variety of healthy snacks, energizing coffee or tea, and refreshing drinks to keep you fueled and focused throughout the day. And there is much more than compensation and benefits. At Ampere, we foster an inclusive culture that empowers our employees to do more and grow more. We are passionate about inventing industry leading cloud-native designs that contribute to a more sustainable future. We are excited to share more about our career opportunities with you through the interview process. Ampere is an inclusive and equal opportunity employer and welcomes applicants from all backgrounds. All qualified applicants will receive consideration for employment without regard to race, color, national origin, citizenship, religion, age, veteran and/or military status, sex, sexual orientation, gender, gender identity, gender expression, physical or mental disability, or any other basis protected by federal, state or local law. Show more Show less

a Bit About Us Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. A profitable B2B SaaS startup headquartered in Singapore & working from Bengaluru. The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits. Appknox has helped secure mobile apps at Fortune 500 companies with major brands spread across regions like India, South-East Asia, Middle-East, US, and expanding rapidly. We have secured 300+ Enterprises globally. We are a 30+ incredibly passionate team working to make an impact and helping some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we are excited and let’s speak further. The Opportunity We’re looking for a Jr Security Engineer to join our R&D team to drive innovation on our mobile security platform and solve complex security challenges that impact businesses globally What An Ideal Candidate Would Look Like Good grasp in Reverse Engineering with exposure to Frida (must), Radare, Ghidra, Jadx, Binja etc. Experience in developing sample Android or iOS apps Strong research and analytical skills Programming Skills - Python, JavaScript (Must Have) Experience with Git & GitHub Minimum Requirements Should have 2-3 years of full-time experience in mobile app security or show something that proves experience doesn’t matter Strong grasp of fundamentals in mobile application security Strong problem-solving mindset – Enjoys tackling complex security challenges Self-taught learner who keeps up with emerging technologies and threats Key Responsibilities Enhance the VA platform by adding capabilities to detect new vulnerabilities on the apps being scanned. Develop and deploy bypasses to ensure seamless user experience during scans. Implement new features on the VA platform to enhance user experience and deliver greater value. Creating and publishing whitepapers. Work Expectations Within 3 months Implement at least 2 test cases to detect new vulnerability with the help of team members Within 6 months Contribute to the product independently with minimal to no supervision Within 1 year Research and publish whitepapers Personality traits we really admire:- A confident and dynamic working persona, which can bring fun to the team, and a sense of humour, is an added advantage. Great attitude to ask questions, learn and suggest process improvements. Has attention to details and helps identify edge cases. Highly motivated and coming up with fresh ideas and perspectives to help us move towards our goals faster. Follow timelines and absolute commitment to deadlines. Interview Process - would be team-specific Round 1 Interview - Profile Evaluation; HR Round 2 - Technical Interview with security team members Round 3 - Technical Interview with the CTO and Team Lead Round 4 - HR Round Compensation As per Industry Standards  Why Join Us:- Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours. Great Salary & Equity: We keep up with the market standards & provide pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also provide equity options for our top performers. Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to train and develop our assets: the employees. We shall also support you all on that journey of yours. Transparency: Being a part of a start-up is an amazing experience, one of the reasons being open communication & transparency at multiple levels. Working with Appknox will give you the opportunity to experience it all first-hand. Skills:- Penetration testing, IT security, Software security, Mobile security, Android Testing and iOS Testing Show more Show less

Position Senior Security Engineer - IOT Experience Job Description: 6–10 years of relevant experience in system security, embedded systems, and vulnerability assessments. Key Skills Firmware Analysis Tools: Expertise in using firmware analysis tools such as Ghidra, Binwalk, and Radare2 for static and dynamic analysis of firmware images. Embedded Linux Platforms: In-depth knowledge of embedded Linux, Yocto, and OpenWRT platforms for secure firmware and OS testing. Secure Boot & Firmware Update Mechanisms: Proficiency in testing secure boot processes and firmware update mechanisms, ensuring integrity and authenticity. OS Hardening & Security Configurations: Strong understanding of OS hardening techniques and security configurations to mitigate threats and enhance system integrity. Vulnerability Assessment & CVE Analysis: Extensive experience with vulnerability assessment frameworks and CVE analysis, identifying and addressing security vulnerabilities in embedded systems. Debugging & Emulation Tools: Proficient in using debugging tools and emulators such as QEMU to analyze embedded system behavior. SBOM & Secure Update Protocols: Familiarity with SBOM (Software Bill of Materials), patch management, and secure update protocols to ensure safe software deployments. Firmware Reverse Engineering: Expertise in performing reverse engineering of firmware images to detect vulnerabilities and potential exploits. Penetration Testing Frameworks: Experience using penetration testing frameworks like Metasploit, Kali Linux, and custom tools for system vulnerability testing. Custom Test Case Development: Ability to develop and execute custom test cases to simulate real-world attack scenarios and identify potential risks in embedded systems. Leadership & Mentoring: Strong leadership skills with a proven track record of mentoring junior engineers and guiding teams in advanced security testing methodologies. Technical Writing & Reporting: Excellent technical writing skills, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments. Proactive Security Risk Mitigation: Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices. Responsibilities Leadership in Security Testing: Lead system-level Vulnerability Assessment and Penetration Testing (VAPT) for firmware, operating systems, and embedded software, ensuring thorough security evaluations. Test Plan Development & Execution: Develop and implement comprehensive test plans for secure update and patch validation, ensuring security fixes are applied correctly and without introducing new risks. Firmware Static & Dynamic Analysis: Conduct detailed static and dynamic analysis of firmware images using tools like Ghidra, Binwalk, and Radare2 to identify potential vulnerabilities. Secure Boot & Root of Trust Validation: Validate secure boot implementations and hardware root of trust to ensure system integrity and protection from malicious code injection. OS Hardening & Access Control Testing: Test OS hardening configurations and secure access control mechanisms to strengthen system defenses against unauthorized access and exploitation. Vulnerability Identification & Classification: Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as CVSS for risk assessment and remediation prioritization. Collaboration with Compliance & Engineering: Work closely with compliance and engineering teams to prioritize remediation efforts, ensuring that vulnerabilities are addressed effectively. Custom Attack Simulations: Develop and execute custom test cases to simulate real-world attack scenarios and evaluate the system's resilience against cyber threats. Rollback & Patch Management Testing: Oversee testing of rollback and patch management procedures, ensuring that system updates do not compromise security or functionality. Mentoring & Knowledge Sharing: Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes. CVE Monitoring & Testing Updates: Monitor relevant CVE feeds, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection. Reporting & Risk Assessments: Provide detailed technical reports and risk assessments to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations. Regulatory Compliance: Ensure that all testing activities align with industry standards, including RED 18031 compliance, and adhere to relevant regulatory frameworks. Secure Lab Environment Maintenance: Maintain a secure lab environment for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting. Qualifications & Certifications Education: Bachelor's or Master’s degree in Cybersecurity, Embedded Systems, Computer Engineering, or a related field. Certifications (Preferred): OSCP (Offensive Security Certified Professional) OSCE (Offensive Security Certified Expert) GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) Equivalent certifications in ethical hacking, penetration testing, or embedded system security are also highly valued. Industry Standards Familiarity: Familiarity with security frameworks such as ISO/IEC 62443, RED 18031, and IoT security frameworks. Why Join Us? Opportunity to work with cutting-edge automation technologies in a collaborative and innovative environment. Competitive salary and benefits package. Career growth opportunities in a fast-paced and dynamic industry. A strong focus on work-life balance and employee well-being. Location: IN-GJ-Ahmedabad, India-Ognaj (eInfochips) Time Type Full time Job Category Engineering Services Show more Show less

Description As an Automotive Cybersecurity Engineer, you will be responsible for assessing and enhancing the security of connected vehicles through advanced penetration testing, wireless and hardware exploitation, and embedded system analysis. You will evaluate vehicle communication systems, infotainment platforms, and remote entry mechanisms to identify vulnerabilities that could compromise vehicle safety, privacy, and functionality. This position is ideal for cybersecurity professionals passionate about automotive technologies, embedded interfaces, and threat simulation. Responsibilities Perform Security Testing of In-Vehicle Systems: Conduct assessments of vehicle internal networks (e.g., CAN, OBD-II) to identify and exploit vulnerabilities in communication flows and control mechanisms. Analyze infotainment systems and user interfaces for privacy concerns, data leakage, and potential malware injection points. Simulate remote and physical attack vectors, including key fob signal replay, wireless intrusion, and unauthorized access. Evaluate Embedded & Wireless Communication Interfaces: Assess the security of Bluetooth, Wi-Fi, and RF-based protocols used in the vehicle ecosystem. Examine communication channels between connected mobile applications, infotainment clusters, and backend services. Test for privilege escalation, data interception, and firmware or hardware manipulation. Reverse Engineer Vehicle Architectures: Understand and map circuit-level data flows across ECUs and control modules. Extract and analyze firmware, debug interfaces, and physical ports for security analysis. Utilize diagnostic tools, CAN analyzers, and SDR platforms for in-depth testing. Identify Vulnerabilities and Recommend Mitigation: Document test findings with detailed risk assessments and technical evidence. Work with internal teams and OEMs to recommend security hardening measures. Contribute to the ongoing improvement of testing methodologies and lab capabilities. Stay Aligned with Industry Standards: Ensure compliance with national and international automotive cybersecurity standards, including AIS 189, ISO/SAE 21434, and UN R155. Stay updated on emerging vehicle technologies and cyber threat landscapes. Eligibility Educational Background: Bachelor’s degree in electrical/Electronics, Computer Science, Cybersecurity, or related discipline. Technical Skills: Knowledge of vehicle networking protocols (CAN, LIN, UDS). Experience with CAN analysis tools (CANalyzer, SavvyCAN, PCAN). Familiarity with Android-based systems, ADB, rooting, and mobile OS exploitation. Experience in wireless exploitation (Wi-Fi, Bluetooth, RF using SDR). Circuit and system-level debugging, reverse engineering PCBs, or automotive modules. Experience: 1–4 years of experience in penetration testing, embedded security, or automotive security assessment. Desired Eligibility Exposure to AIS 189 or ISO/SAE 21434 frameworks. Participation in hardware-based CTFs, red teaming, or automotive-focused security research. Familiarity with tools such as Metasploit, Burp Suite, IDA Pro, Ghidra, Wireshark, and SDR tools. Certifications like CEH, CRTP, OSCP, PJPT, PNPT, or relevant embedded/automotive certifications. Ability to work in lab environments and travel for on-site testing engagements. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph. Show more Show less

About Us At SentinelOne, we’re redefining cybersecurity by pushing the limits of what’s possible—leveraging AI-powered, data-driven innovation to stay ahead of tomorrow’s threats. From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do. We’re looking for passionate individuals who thrive in collaborative environments and are eager to drive impact. If you’re excited about solving complex challenges in bold, innovative ways, we’d love to connect with you. What are we looking for? We are looking for talented Windows, Linux, and macOS researchers; people who are always looking to analyze and break things while looking for a complete understanding of how they work; people who live to beat the system and challenge it, and people who are in pursuit of outsmarting malware and overcoming it to protect our customers. What will you do? You’ll be part of an exceptional malware detection team that will ensure we provide the best detection, protection, and visibility capabilities to our customers at any given time. The team does it by performing in-depth analysis and research of threats and vulnerabilities while also being responsible for closing the detection gap through the development and deployment of signatures to millions of endpoints across the globe. You’ll be working closely with other detection teams to ensure our customers get the best security products they can. Your time will be mostly focused on research and development Research You’ll perform cutting edge research and analyze (through reverse engineering and other methods) files, TTPs, exploits, and malwares to understand how they operate and behave. The research will mostly be based on binaries and sample files but may also be based on other types of data sources like events and behaviors. You’ll get the opportunity to work on the latest threats and malware samples to tackle sophisticated challenges of cyber security. Your research findings will be used for delivering new signatures and/or shared with other detection teams to improve our products’ detection capabilities. As a malware research expert, you’ll collaborate with many internal/external teams to form a consensus group of experts who will enhance the detection using their expertise and knowledge. Development You’ll be responsible for developing the signatures for all of our engines that will improve our detection, protection, and visibility, reaching all of our millions of endpoints across the globe. You’ll be responsible for the quality and accuracy (FP/FNs) of the deliverables and be accountable for them. You’ll create, maintain, and improve existing infrastructure and tools that are being used by the team. You will also be encouraged to write white papers, blogs, and articles (only if you wish to). What experience or knowledge should you bring? A dedication to continuous learning and skill development to meet evolving job demands. Minimum 3 years of experience in both static and dynamic malware analysis and reverse engineering. Proficiency with reverse engineering and analysis tools, such as disassemblers, compilers, and debuggers like IDA, Ghidra, Hopper, LLDB, GDB. Strong background in malware analysis and understanding its behavior consisting of advanced malware techniques, including anti -tampering, defense evasion, lateral movement, persistence and ransomware activities. Good understanding of MITRE attack TTPs. A strong inclination towards automating routine tasks and increasing efficiency. Excellent and deep understanding of Linux (both UM and KM) Excellent understanding how core system components (Process and Threads, IPC, tracing, Security, Virtual Memory, eBPF) work behind the scenes. Understanding of Containers and K8s. Understanding of ARM/ M1 architecture Understanding of sandbox internals/escapes, Transparency, Consent and Control (TCC) internals/escapes. Understanding of security mechanisms File Quarantine, XProtect , Gatekeeper Why us? You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry along with competitive compensation. Flexible working hours and hybrid/remote work model. Flexible Time Off. Flexible Paid Sick Days. Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) Generous employee stock plan in the form of RSUs (restricted stock units) On top of RSUs, you can benefit from our attractive ESPP (employee stock purchase plan) Gym membership/sports gears . Wellness Coach app, with 3,000+ on-demand sessions, daily interactive classes, audiobooks, and unlimited private coaching. Private medical insurance plan for you and your family. Life Insurance covered by S1 (for employees) Telemedical app consultation (zyla) Global Employee Assistance Program (confidential counseling related to both personal and work life matters) High-end MacBook or Windows laptop. Home-office-setup allowances (one time) and maintenance allowance. Internet allowances. Provident Fund and Gratuity (as per govt clause) NPS contribution (Employee contribution) Half yearly bonus program depending on the individual and company performance. Above standard referral bonus as per policy. LinkedIn learning Business platform for Hard/Soft skills Training & Support for your further educational activities/trainings Sodexo food coupons. SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. SentinelOne participates in the E-Verify Program for all U.S. based roles. Show more Show less

Join Us! At Google Operations Center we help Google users and customers solve problems and achieve their goals—all while enjoying a culture focused on improving continuously and being better together. We work hard, we play hard, and we want you to join us! As a Security Engineer Specialist on the Android Security Operations team you will be part of a cross functional team that is the first line of defense against harmful applications in the Android ecosystem. You will work closely with teams of Software Engineers and Security Engineers to review potentially malicious applications, develop automated detection systems that leverage state-of-the-art static and dynamic analysis tools and provide technical expertise to influence new Android policies, tackle complex technical investigations, and engage in impactful work that protects billions of users all over the world. Overall Responsibilities Reverse engineer Android applications; including breaking down and reviewing code Investigate threats to the android ecosystem and provide technical consultation in developing new policies, prioritizing strong security and privacy for users while also considering developer and user experience. Analyze the effectiveness of current static and dynamic analysis systems and make recommendations for improvement. Investigate new malware techniques and develop automated detection for new malicious behaviors and IOCs. Analyze telemetry data to look for anomalies that may indicate abusive or unwanted software. Conduct investigations to identify new harmful behaviors, enforce product policies, and analyze distribution trends. Collaborate with cross-functional groups such as Engineering, Policy and Legal to update policies, fix product loopholes, and provide users with a better mobile experience. Minimum Requirements Bachelor's degree in Computer Science or in a related field, or equivalent practical experience. 2+ years of experience in security research/analysis, in the context of malware/abuse detection. Excellent verbal and written communication skills Experience working with reverse engineering tools or decompilers used to identify vulnerabilities in web applications or Android applications such as Burp, Jadx, Frida, and JEB Preferred Qualifications Preferred Qualifications Having as many of these specific qualifications is a plus, but transferable skills/experiences may be equally valuable: Experience with developing or analyzing Android applications Experience with analyzing Malware applications Experience reading assembly and understanding of unpacking obfuscated code Experience in software reverse engineering, code-level security auditing or Android system security Experience working with tools such as IDA Pro, Ghidra Experience coding in Python, SQL and Java Benefits We support you with competitive wages and comprehensive health care including medical, dental and vision coverage We support your family with gender-neutral baby bonding leave, 26 week birth-parent maternity leave, and generous life, accident and disability insurance minimums We support your teams with free daily lunch, fully stocked micro-kitchens, and culture clubs and employee resource groups that let you share what you care about At the Google Operations Center, we don't just accept differences - we celebrate them, we support them, and we thrive on them for the benefit of our employees, our products, and our community. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know. Show more Show less

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary: As an Automotive Cybersecurity Architect, you will define the end-to-end security architecture and strategy for in-vehicle systems, telematics, and cloud-connected services, ensuring alignment with regulatory requirements and industry best practices. You will also lead penetration testing efforts, document security controls across ECUs and communication interfaces, and guide the implementation of secure system designs across the vehicle ecosystem. Roles & Responsibilities: • Define and implement end-to-end cybersecurity architecture for connected vehicles, ECUs, and backend services, ensuring alignment with ISO/SAE 21434, UNECE WP.29, and CSMS requirements. • Develop secure communication and firmware update frameworks, supporting over-the-air (OTA) updates and in-vehicle data integrity. • Perform threat modeling and risk analysis using industry-standard methodologies such as HEAVENS, STRIDE, and attack trees to identify vulnerabilities across vehicle networks and interfaces. • Guide the definition of mitigation strategies and ensure full traceability between threats, assets, and controls throughout the development lifecycle. • Plan and lead security validation activities, including advanced penetration testing and fuzzing of vehicle interfaces (CAN, DoIP, Ethernet, Bluetooth, Wi-Fi, Cellular). • Create and maintain documentation for test cases, tooling, security controls, and validation outcomes across ECUs and connected modules. • Collaborate with cross-functional teams to drive secure design practices in diagnostics, boot process, and firmware integrity verification. • Conduct vulnerability assessments using tools such as CANoe, CANalyzer, Wireshark, Ghidra, and custom analysis scripts, and support remediation planning. • Lead red team exercises and security reviews in coordination with product security and development teams. • Represent cybersecurity in internal audits and regulatory assessments, ensuring alignment with WP.29 R155/R156 and ISO 26262. • Work with suppliers and partners to evaluate and integrate security solutions aligned with evolving vehicle cybersecurity requirements. Professional & Technical Skills: • Extensive experience (12+ years) in embedded and automotive systems, with over 6 years specializing in automotive cybersecurity strategy, architecture, and threat analysis. • Hands-on experience designing and executing penetration testing of automotive systems, including ECUs, ADAS, telematics, infotainment, and V2X components, across in-vehicle networks and external interfaces. • Strong knowledge of in-vehicle communication protocols such as CAN, LIN, FlexRay, DoIP, and automotive diagnostic protocols (UDS), as well as wireless technologies including Bluetooth, Wi-Fi, and Cellular. • In-depth understanding of secure communication protocols and cryptographic standards, including TLS, MACsec, AES, RSA, ECC, and Public Key Infrastructure (PKI) for automotive applications. • Proven experience in designing and implementing Secure Boot, Secure OTA (Over-the-Air) update mechanisms, and ECU firmware authentication using HSMs and trusted execution environments. • Demonstrated ability to conduct and lead threat modeling and risk assessments using HEAVENS, STRIDE, attack trees, and DFD methodologies in compliance with ISO/SAE 21434. • Familiarity with regulatory and compliance frameworks such as UNECE WP.29 (R155/R156), CSMS, and ISO 26262, and practical experience aligning security activities to these standards. • Proficiency in security validation tools and platforms including Canoe, CANalyzer, Wireshark, Ghidra, Scapy, and custom-built tools for binary analysis, fuzzing, and reverse engineering. • Experience guiding vulnerability remediation efforts across hardware and software development teams in an Agile or V-model development environment. • Strong technical documentation skills and the ability to translate complex cybersecurity concepts into actionable guidance for engineering and compliance teams. • Capable of engaging with external vendors, regulatory bodies, and cross-functional stakeholders to align security requirements, audits, and certifications. Additional Information: • 7+ years’ experience implementing and performing Automotive Cybersecurity • This position is based at our Bengaluru office • A 15-year full time education is required • Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary: As an Automotive Cybersecurity Engineer, you will implement and validate security controls across in-vehicle systems, ensuring protection of ECUs, telematics units, and connected vehicle infrastructure. You will contribute to threat modeling and diagnostics hardening efforts, support penetration testing activities, and document the integration of cybersecurity measures in alignment with regulatory and technical requirements. Roles & Responsibilities: • Support the development and implementation of cybersecurity controls across ECUs, telematics systems, and in-vehicle networks in alignment with ISO/SAE 21434 and company CSMS. • Participate in security architecture and design reviews, contributing to the definition and validation of security requirements for embedded vehicle systems. • Conduct and document threat modeling and risk assessments using methodologies such as HEAVENS, STRIDE, and custom attack graphs. • Perform penetration testing and intrusion validation on in-vehicle protocols including CAN, DoIP, and Ethernet, as well as wireless interfaces such as Bluetooth and Wi-Fi. • Assist in the execution of fuzz testing and vulnerability analysis using tools like CANoe, Wireshark, Scapy, and Python-based custom scripts. • Contribute to the validation of secure boot mechanisms and assist in reverse engineering activities to verify firmware security compliance. • Work with software and hardware teams to analyze security issues, identify root causes, and define corrective actions and mitigations. • Maintain operational documentation, including test procedures, vulnerability logs, and mitigation tracking in compliance with regulatory requirements. • Collaborate with cross-functional teams to integrate secure diagnostics, access control strategies, and key management protocols. • Participate in internal assessments and support audit readiness for cybersecurity compliance frameworks such as UNECE WP.29 and ISO 26262. Professional & Technical Skills: • Experience supporting in-vehicle cybersecurity programs with 8+ years in embedded or automotive systems development, including 3–4 years focused on penetration testing, diagnostics security, or secure ECU architecture. • Hands-on experience conducting security testing and vulnerability assessments on vehicle communication interfaces such as CAN, DoIP, and Ethernet, as well as wireless protocols including Bluetooth, Wi-Fi, and cellular. • Strong working knowledge of UDS diagnostics (ISO 14229), secure diagnostics access control, and protocol fuzzing techniques to uncover vulnerabilities in ECUs and vehicle gateways. • Proficiency with security testing tools and platforms such as CANoe, Wireshark, Scapy, Python, and Ghidra for traffic analysis, custom scripting, and reverse engineering. • Familiarity with cryptographic principles and practical usage of cryptographic libraries (e.g., OpenSSL, mbedTLS) and hardware security modules (HSM) for secure key storage, boot processes, and firmware authentication. • Experience supporting OTA (Over-the-Air) update platforms and ensuring their secure integration using encryption, authentication, and rollback protection mechanisms. • Exposure to cybersecurity development in Agile-based or V-model automotive environments, working collaboratively with software, systems, and validation teams. • Knowledge of regulatory and compliance standards relevant to automotive cybersecurity, including ISO/SAE 21434, UNECE WP.29 (R155/R156), and functional safety (ISO 26262). • Ability to document test cases, generate detailed security analysis reports, and provide engineering teams with clear recommendations and follow-up actions for mitigation. • Demonstrated problem-solving skills and the ability to troubleshoot complex issues related to embedded systems security, communication integrity, and control system protection. Additional Information: • 5+ years’ experience implementing and performing Automotive Cybersecurity • Experience with AUTOSAR (Classic/Adaptive), ECU firmware security, or secure telematics units. • This position is based at our Bengaluru office • A 15-year full-time education is required • Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary: As an Automotive Cybersecurity Specialist, you will support the implementation and validation of security measures across vehicle systems and embedded platforms. You will assist in penetration testing, contribute to threat analysis activities, and help ensure secure communication and firmware integrity in alignment with automotive cybersecurity standards. Roles & Responsibilities: • Assist in the execution of penetration testing activities targeting ECUs, in-vehicle communication networks, and diagnostic services to identify common vulnerabilities and misconfigurations. • Support the use of automotive security tools such as CANoe, Wireshark, Scapy, and basic fuzzing frameworks to simulate attacks and gather system responses for analysis. • Collect and organize logs, analyze test outputs, and document findings to assist senior security engineers in remediation and tracking of identified issues. • Execute validation of standard UDS diagnostic services, including support for testing access controls, session management, and secure diagnostic configurations. • Participate in asset identification and support foundational threat modeling efforts, including contributing to risk assessments and mitigation tracking under guidance. • Assist in documenting security design considerations and implementation steps in alignment with ISO/SAE 21434 and internal cybersecurity processes. • Collaborate with cybersecurity, software, and validation teams to support the integration of security controls across vehicle platforms. • Continuously learn and apply core concepts of automotive cybersecurity, including secure communication, ECU hardening, and regulatory standards like WP.29 and ISO 26262. Professional & Technical Skills: • 5+ years of experience in embedded systems, automotive engineering, or related fields, with growing specialization in cybersecurity principles and practices. • Familiarity with in-vehicle communication protocols including CAN, UDS, and DoIP, with hands-on exposure to using tools such as CANoe, Wireshark, and Scapy for traffic analysis and basic attack simulation. • Foundational understanding of penetration testing methodologies, vulnerability identification, and the use of fuzzers to evaluate ECU communication robustness. • Exposure to diagnostics security concepts, including secure diagnostic sessions, seed-key mechanisms, and access control layers for UDS services. • Basic knowledge of cybersecurity frameworks and risk assessment methodologies such as STRIDE, HEAVENS, and ISO/SAE 21434. • Experience contributing to documentation of test results, secure design inputs, and mitigation reports under guidance from senior cybersecurity engineers. • Understanding of secure firmware update concepts and cryptographic basics, including symmetric/asymmetric encryption, HSM usage, and key management fundamentals. • Experience working in Agile or V-model development environments, collaborating with cross-functional teams including validation, software, and systems engineering. • Demonstrated eagerness to learn new cybersecurity tools, standards, and technologies relevant to modern connected vehicle platforms. • Strong analytical skills and attention to detail, with the ability to follow structured testing and security validation procedures. Additional Information: • 3+ years’ experience implementing and performing Automotive Cybersecurity • Knowledge of tools like CANoe, Wireshark, or Ghidra. • Basic understanding of ISO 21434, seed/key security, OTA updates, and cryptographic modules. • This position is based at our Bengaluru office • A 15-year full-time education is required • Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary: As an Automotive Cybersecurity Engineer, you will implement and validate security controls across in-vehicle systems, ensuring protection of ECUs, telematics units, and connected vehicle infrastructure. You will contribute to threat modeling and diagnostics hardening efforts, support penetration testing activities, and document the integration of cybersecurity measures in alignment with regulatory and technical requirements. Roles & Responsibilities: • Support the development and implementation of cybersecurity controls across ECUs, telematics systems, and in-vehicle networks in alignment with ISO/SAE 21434 and company CSMS. • Participate in security architecture and design reviews, contributing to the definition and validation of security requirements for embedded vehicle systems. • Conduct and document threat modeling and risk assessments using methodologies such as HEAVENS, STRIDE, and custom attack graphs. • Perform penetration testing and intrusion validation on in-vehicle protocols including CAN, DoIP, and Ethernet, as well as wireless interfaces such as Bluetooth and Wi-Fi. • Assist in the execution of fuzz testing and vulnerability analysis using tools like CANoe, Wireshark, Scapy, and Python-based custom scripts. • Contribute to the validation of secure boot mechanisms and assist in reverse engineering activities to verify firmware security compliance. • Work with software and hardware teams to analyze security issues, identify root causes, and define corrective actions and mitigations. • Maintain operational documentation, including test procedures, vulnerability logs, and mitigation tracking in compliance with regulatory requirements. • Collaborate with cross-functional teams to integrate secure diagnostics, access control strategies, and key management protocols. • Participate in internal assessments and support audit readiness for cybersecurity compliance frameworks such as UNECE WP.29 and ISO 26262. Professional & Technical Skills: • Experience supporting in-vehicle cybersecurity programs with 8+ years in embedded or automotive systems development, including 3–4 years focused on penetration testing, diagnostics security, or secure ECU architecture. • Hands-on experience conducting security testing and vulnerability assessments on vehicle communication interfaces such as CAN, DoIP, and Ethernet, as well as wireless protocols including Bluetooth, Wi-Fi, and cellular. • Strong working knowledge of UDS diagnostics (ISO 14229), secure diagnostics access control, and protocol fuzzing techniques to uncover vulnerabilities in ECUs and vehicle gateways. • Proficiency with security testing tools and platforms such as CANoe, Wireshark, Scapy, Python, and Ghidra for traffic analysis, custom scripting, and reverse engineering. • Familiarity with cryptographic principles and practical usage of cryptographic libraries (e.g., OpenSSL, mbedTLS) and hardware security modules (HSM) for secure key storage, boot processes, and firmware authentication. • Experience supporting OTA (Over-the-Air) update platforms and ensuring their secure integration using encryption, authentication, and rollback protection mechanisms. • Exposure to cybersecurity development in Agile-based or V-model automotive environments, working collaboratively with software, systems, and validation teams. • Knowledge of regulatory and compliance standards relevant to automotive cybersecurity, including ISO/SAE 21434, UNECE WP.29 (R155/R156), and functional safety (ISO 26262). • Ability to document test cases, generate detailed security analysis reports, and provide engineering teams with clear recommendations and follow-up actions for mitigation. • Demonstrated problem-solving skills and the ability to troubleshoot complex issues related to embedded systems security, communication integrity, and control system protection. Additional Information: • 5+ years’ experience implementing and performing Automotive Cybersecurity • Experience with AUTOSAR (Classic/Adaptive), ECU firmware security, or secure telematics units. • This position is based at our Bengaluru office • A 15-year full-time education is required • Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary: As an Automotive Cybersecurity Specialist, you will support the implementation and validation of security measures across vehicle systems and embedded platforms. You will assist in penetration testing, contribute to threat analysis activities, and help ensure secure communication and firmware integrity in alignment with automotive cybersecurity standards. Roles & Responsibilities: • Assist in the execution of penetration testing activities targeting ECUs, in-vehicle communication networks, and diagnostic services to identify common vulnerabilities and misconfigurations. • Support the use of automotive security tools such as CANoe, Wireshark, Scapy, and basic fuzzing frameworks to simulate attacks and gather system responses for analysis. • Collect and organize logs, analyze test outputs, and document findings to assist senior security engineers in remediation and tracking of identified issues. • Execute validation of standard UDS diagnostic services, including support for testing access controls, session management, and secure diagnostic configurations. • Participate in asset identification and support foundational threat modeling efforts, including contributing to risk assessments and mitigation tracking under guidance. • Assist in documenting security design considerations and implementation steps in alignment with ISO/SAE 21434 and internal cybersecurity processes. • Collaborate with cybersecurity, software, and validation teams to support the integration of security controls across vehicle platforms. • Continuously learn and apply core concepts of automotive cybersecurity, including secure communication, ECU hardening, and regulatory standards like WP.29 and ISO 26262. Professional & Technical Skills: • 5+ years of experience in embedded systems, automotive engineering, or related fields, with growing specialization in cybersecurity principles and practices. • Familiarity with in-vehicle communication protocols including CAN, UDS, and DoIP, with hands-on exposure to using tools such as CANoe, Wireshark, and Scapy for traffic analysis and basic attack simulation. • Foundational understanding of penetration testing methodologies, vulnerability identification, and the use of fuzzers to evaluate ECU communication robustness. • Exposure to diagnostics security concepts, including secure diagnostic sessions, seed-key mechanisms, and access control layers for UDS services. • Basic knowledge of cybersecurity frameworks and risk assessment methodologies such as STRIDE, HEAVENS, and ISO/SAE 21434. • Experience contributing to documentation of test results, secure design inputs, and mitigation reports under guidance from senior cybersecurity engineers. • Understanding of secure firmware update concepts and cryptographic basics, including symmetric/asymmetric encryption, HSM usage, and key management fundamentals. • Experience working in Agile or V-model development environments, collaborating with cross-functional teams including validation, software, and systems engineering. • Demonstrated eagerness to learn new cybersecurity tools, standards, and technologies relevant to modern connected vehicle platforms. • Strong analytical skills and attention to detail, with the ability to follow structured testing and security validation procedures. Additional Information: • 3+ years’ experience implementing and performing Automotive Cybersecurity • Knowledge of tools like CANoe, Wireshark, or Ghidra. • Basic understanding of ISO 21434, seed/key security, OTA updates, and cryptographic modules. • This position is based at our Bengaluru office • A 15-year full-time education is required • Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary: As an Automotive Cybersecurity Specialist, you will support the implementation and validation of security measures across vehicle systems and embedded platforms. You will assist in penetration testing, contribute to threat analysis activities, and help ensure secure communication and firmware integrity in alignment with automotive cybersecurity standards. Roles & Responsibilities: • Assist in the execution of penetration testing activities targeting ECUs, in-vehicle communication networks, and diagnostic services to identify common vulnerabilities and misconfigurations. • Support the use of automotive security tools such as CANoe, Wireshark, Scapy, and basic fuzzing frameworks to simulate attacks and gather system responses for analysis. • Collect and organize logs, analyze test outputs, and document findings to assist senior security engineers in remediation and tracking of identified issues. • Execute validation of standard UDS diagnostic services, including support for testing access controls, session management, and secure diagnostic configurations. • Participate in asset identification and support foundational threat modeling efforts, including contributing to risk assessments and mitigation tracking under guidance. • Assist in documenting security design considerations and implementation steps in alignment with ISO/SAE 21434 and internal cybersecurity processes. • Collaborate with cybersecurity, software, and validation teams to support the integration of security controls across vehicle platforms. • Continuously learn and apply core concepts of automotive cybersecurity, including secure communication, ECU hardening, and regulatory standards like WP.29 and ISO 26262. Professional & Technical Skills: • 5+ years of experience in embedded systems, automotive engineering, or related fields, with growing specialization in cybersecurity principles and practices. • Familiarity with in-vehicle communication protocols including CAN, UDS, and DoIP, with hands-on exposure to using tools such as CANoe, Wireshark, and Scapy for traffic analysis and basic attack simulation. • Foundational understanding of penetration testing methodologies, vulnerability identification, and the use of fuzzers to evaluate ECU communication robustness. • Exposure to diagnostics security concepts, including secure diagnostic sessions, seed-key mechanisms, and access control layers for UDS services. • Basic knowledge of cybersecurity frameworks and risk assessment methodologies such as STRIDE, HEAVENS, and ISO/SAE 21434. • Experience contributing to documentation of test results, secure design inputs, and mitigation reports under guidance from senior cybersecurity engineers. • Understanding of secure firmware update concepts and cryptographic basics, including symmetric/asymmetric encryption, HSM usage, and key management fundamentals. • Experience working in Agile or V-model development environments, collaborating with cross-functional teams including validation, software, and systems engineering. • Demonstrated eagerness to learn new cybersecurity tools, standards, and technologies relevant to modern connected vehicle platforms. • Strong analytical skills and attention to detail, with the ability to follow structured testing and security validation procedures. Additional Information: • 3+ years’ experience implementing and performing Automotive Cybersecurity • Knowledge of tools like CANoe, Wireshark, or Ghidra. • Basic understanding of ISO 21434, seed/key security, OTA updates, and cryptographic modules. • This position is based at our Bengaluru office • A 15-year full-time education is required • Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP 15 years full time education

As a TEAMMATE: We are looking for a talented Penetration Tester who likes to break software and embedded devices. Natus Sensory Division needs a qualified Penetration Tester to join our team! As our penetration tester, you will be responsible for conducting regular audits and inspections in order to make sure our systems are secure. You will be required to configure information systems as well as design and create new systems in order to fix known vulnerabilities. The ideal candidate will have previous experience in the IT Security field, as well as previous experience in a position as a penetration tester. You may also be required to assist other IT Security employees with tasks and present information to the correct supervisors when requested. If this position sounds of interest to you, please don’t hesitate to apply! We would love to have you on our team. The Penetration Tester will provide broad and in-depth knowledge to conduct cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques. Here’s what you can expect: Location: Remote Main Responsibilities : Conduct formal testing on computer systems Assess the security of computer software and hardware Conduct security audits and legal cyberattack simulations by designing and utilizing hacking tools to access designated pieces of data during a predetermined time frame Generate tools for breaking into security systems Detect and correct system weaknesses Provide recommendations based on an assessment of hardware and software systems Implement solutions to enhance data security Travel: Up to 10% domestic or international travel on an as needed basis, such as to visit a Natus or customer site for complex investigations What we are looking for: Bachelor’s degree in Computer Science or related technical field, with minimum 5+ years of penetration testing related experience CPT or CEH certification is desirable but not required Experience with medical device industry or other heavily regulated industry Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.) Ability to identify and exploit mobile and desktop vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.) Clear communication skills and English fluency in speaking and writing Team player in a globally diverse environment Web application penetration testing Mobile application penetration testing Source code vulnerability analysis Robust creativity and analytical problem-solving skills Deep knowledge of at least one programming language (C#, Python, Go, Java, PowerShell, etc.) Knowledge of technical systems and terminology Proficiency in scripting languages Additional skills: Network penetration testing experience with advanced knowledge of Linux and/or Windows OS and experience in supporting and installing multiple software products Protocol analysis CTF experience Secure coding practices Cryptography Reading and writing assembly (x86 and ARM) Binary analysis tools and debuggers (IDA Pro, Ghidra, WinDbg, etc.) Exploit Development Embedded systems experience Physical security or red team experience Strong knowledge of information security best practices, standards, guidelines, and frameworks, including NIST 800-53, NIST RMF, and NIST CSF. Strongly preferred: FDA Pre-market and Post-market Guidance for Cybersecurity in Medical Devices, the HIPPA Security Rule, HSCC Joint Security Plan, AAMI TIR57, ISO/IEC 27000 family We offer The role is a work-from-home remote position. Minimal travelling: less than 5% Collaborative and international environment with different cultures. English company language. EEO Statement Natus Sensory is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, veteran status, disability, sexual orientation, gender identity, or any other protected status.